On the Privacy Risks of Cell-Based NAS Architectures

TL;DR

This paper systematically evaluates the privacy vulnerabilities of cell-based neural architecture search (NAS) architectures, revealing how design choices influence privacy risks and proposing strategies for more robust models.

Contribution

It is the first comprehensive study to measure and analyze the privacy risks of NAS architectures, providing insights into cell pattern impacts and a methodology for designing privacy-robust NAS models.

Findings

NAS architectures are vulnerable to privacy attacks.

Cell patterns significantly influence privacy risks.

Design strategies can mitigate privacy vulnerabilities.

Abstract

Existing studies on neural architecture search (NAS) mainly focus on efficiently and effectively searching for network architectures with better performance. Little progress has been made to systematically understand if the NAS-searched architectures are robust to privacy attacks while abundant work has already shown that human-designed architectures are prone to privacy attacks. In this paper, we fill this gap and systematically measure the privacy risks of NAS architectures. Leveraging the insights from our measurement study, we further explore the cell patterns of cell-based NAS architectures and evaluate how the cell patterns affect the privacy risks of NAS-searched architectures. Through extensive experiments, we shed light on how to design robust NAS architectures against privacy attacks, and also offer a general methodology to understand the hidden correlation between the NAS-searched architectures and other privacy risks.